This repository was archived by the owner on May 11, 2020. It is now read-only.

Commit 8772f68

laizysbinet
authored andcommitted
validate/disasm: fix call_indirect and some reserved value checking
1 parent 49dc095 commit 8772f68


2 files changed

+28
-7
lines changed


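--- a/disasm/disasm.go
+++ b/disasm/disasm.go
@@ -428,11 +428,14 @@ func Disassemble(code []byte) ([]Instr, error) {
 }
 instr.Immediates = append(instr.Immediates, index)
 if op == ops.CallIndirect {
-reserved, err := leb128.ReadVarUint32(reader)
+idx, err := wasm.ReadByte(reader)
 if err != nil {
 return nil, err
 }
-instr.Immediates = append(instr.Immediates, reserved)
+if idx != 0x00 {
+return nil, errors.New("disasm: table index in call_indirect must be 0")
+}
+instr.Immediates = append(instr.Immediates, uint32(idx))
 }
 case ops.GetLocal, ops.SetLocal, ops.TeeLocal, ops.GetGlobal, ops.SetGlobal:
 index, err := leb128.ReadVarUint32(reader)
@@ -468,23 +471,26 @@ func Disassemble(code []byte) ([]Instr, error) {
 instr.Immediates = append(instr.Immediates, math.Float64frombits(i))
 case ops.I32Load, ops.I64Load, ops.F32Load, ops.F64Load, ops.I32Load8s, ops.I32Load8u, ops.I32Load16s, ops.I32Load16u, ops.I64Load8s, ops.I64Load8u, ops.I64Load16s, ops.I64Load16u, ops.I64Load32s, ops.I64Load32u, ops.I32Store, ops.I64Store, ops.F32Store, ops.F64Store, ops.I32Store8, ops.I32Store16, ops.I64Store8, ops.I64Store16, ops.I64Store32:
 // read memory_immediate
-flags, err := leb128.ReadVarUint32(reader)
+align, err := leb128.ReadVarUint32(reader)
 if err != nil {
 return nil, err
 }
-instr.Immediates = append(instr.Immediates, flags)
+instr.Immediates = append(instr.Immediates, align)
 
 offset, err := leb128.ReadVarUint32(reader)
 if err != nil {
 return nil, err
 }
 instr.Immediates = append(instr.Immediates, offset)
 case ops.CurrentMemory, ops.GrowMemory:
-res, err := leb128.ReadVarUint32(reader)
+idx, err := wasm.ReadByte(reader)
 if err != nil {
 return nil, err
 }
-instr.Immediates = append(instr.Immediates, uint8(res))
+if idx != 0x00 {
+return nil, errors.New("disasm: memory index must be 0")
+}
+instr.Immediates = append(instr.Immediates, uint8(idx))
 }
 out = append(out, instr)
 }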
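Review bot: Both new rejections in Disassemble (`disasm: table index in call_indirect must be 0` and `disasm: memory index must be 0`) discard the byte that was read, so whoever triages a rejected module cannot see what the reserved field actually held. Consider carrying the value in the error, e.g. `return nil, fmt.Errorf("disasm: memory index must be 0 (got %#x)", idx)`, and the same for the call_indirect branch; this needs `fmt` in the file's imports if it is not already there, which these hunks do not show. The two branches also append the immediate with different types (`uint32(idx)` for call_indirect, `uint8(idx)` for the memory ops), so a one-line comment on each append naming the type consumers of `Immediates` should expect would help. Disassemble begins and ends outside these hunks.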

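--- a/validate/validate.go
+++ b/validate/validate.go
@@ -7,6 +7,7 @@ package validate
 
 import (
 "bytes"
+"errors"
 "io"
 
 "github.com/go-interpreter/wagon/wasm"
@@ -249,10 +250,13 @@ func verifyBody(fn *wasm.FunctionSig, body *wasm.FunctionBody, module *wasm.Modu
 return vm, err
 }
 case ops.CurrentMemory, ops.GrowMemory:
-_, err := vm.fetchVarUint()
+memIndex, err := vm.fetchByte()
 if err != nil {
 return vm, err
 }
+if memIndex != 0x00 {
+return vm, errors.New("validate: memory index must be 0")
+}
 
 case ops.Call:
 index, err := vm.fetchVarUint()
@@ -298,6 +302,17 @@ func verifyBody(fn *wasm.FunctionSig, body *wasm.FunctionBody, module *wasm.Modu
 if err != nil {
 return vm, err
 }
+tableIndex, err := vm.fetchByte()
+if err != nil {
+return vm, err
+}
+if tableIndex != 0x00 {
+return vm, errors.New("validate: table index in call_indirect must be 0")
+}
+
+if index >= uint32(len(module.Types.Entries)) {
+return vm, errors.New("validate: type index out of range in call_indirect")
+}
 
 fnExpectSig := module.Types.Entries[index]
 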
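Review bot: The added range check in the call_indirect case reads `module.Types.Entries` without first checking `module.Types` itself. If `Types` is a pointer that stays nil for a module with no type section (its declaration is not visible here), a crafted function body would panic the validator instead of returning an error. A guard such as `if module.Types == nil || index >= uint32(len(module.Types.Entries)) {` would keep the failure on the error path. Nothing in the visible lines checks that the module actually declares or imports a table (or a memory, for the CurrentMemory/GrowMemory case) before accepting index 0; that may be enforced elsewhere, since verifyBody extends beyond these hunks on both sides.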
